Finding Python Security Holes for GalCon

I'm (still) in love with GalCon, a five-minute real-time strategy game that's surprisingly addictive. Its author, Phil Hassey, would like to provide a plugin API so that users can write bots (in Python). He has posted a strawman proposal, and would appreciate feedback --- he'd prefer if comments about it were made on the pygame mailing list, because other Python game programmers are interested in the answers too. And hey --- try the game... ;-)